SoheilKhodayari / TheThing
TheThing: an open-source tool to detect DOM Clobbering vulnerabilities
☆45Updated last year
Alternatives and similar repositories for TheThing:
Users that are interested in TheThing are comparing it to the libraries listed below
- Same Origin XSS challenge☆56Updated 3 years ago
- DOM Clobbering Wiki, Browser Testing, and Payload Generation☆49Updated this week
- Silent Spring: Prototype Pollution Leads to Remote Code Execution in Node.js☆64Updated last year
- Guided Differential Fuzzing for HTTP Request Parsing Discrepancies☆17Updated last year
- Awesome MXSS ??☆49Updated 6 months ago
- Searcher for cross-site leaks (XS-Leaks)☆82Updated 2 years ago
- Proof of Concepts for unsafe deserialization in Ruby☆17Updated 6 months ago
- Client-Side Prototype Pollution Tools☆84Updated 3 years ago
- A collection of Server-Side Prototype Pollution gadgets and exploits☆185Updated 2 months ago
- jws2pubkey tool☆38Updated 10 months ago
- JAW: A Graph-based Security Analysis Framework for Client-side JavaScript☆105Updated 4 months ago
- Unsafe Unpacking Vulnerability: Lab Code, Semgrep Rules and Secure Implementation Guide☆40Updated 4 months ago
- lightyear is a tool to dump files in tedious (blind) conditions using PHP filters☆88Updated 5 months ago
- ☆16Updated last month
- Grammar-based HTTP/2 fuzzer with mutation ability☆43Updated 2 years ago
- ☆94Updated 3 years ago
- List of Trusted Types bypasses☆93Updated last year
- ☆62Updated 2 years ago
- Scalpel is a Burp extension for intercepting and rewriting HTTP traffic, either on the fly or in the Repeater using Python 3 scripts.☆58Updated 10 months ago
- Utility for creating ZipSlip archives☆72Updated 2 years ago
- This repository is a one-stop shop for diving deep into the fascinating world of mXSS (mutations caused by browser quirks in HTML parsing…☆18Updated 2 months ago
- Prototype Pollution exploits collection☆33Updated 3 years ago
- An extension to use Semgrep inside Burp Suite.☆88Updated last year
- Encode and Fuzz Custom Protobuf Messages in Burp Suite☆30Updated last month
- Find all libraries on cdn.js that pollute your prototype☆18Updated 2 years ago
- Dependency Confusion Security Testing Tool☆47Updated 2 years ago
- XBOW Validation Benchmarks☆84Updated 7 months ago
- Demo of the URLClassLoader JAR-swapping showing the ability to replace and exploit an already loaded JAR with inner classes☆31Updated 2 years ago
- a repository of all the CTF challenges I've made for public events☆53Updated last year
- XS-Leak Browser Test Suite☆80Updated last year